Channel: Network Infrastructure Servers forum

CA moved, NPS wireless authentication broken


Hi All,

2 days ago we recently moved our Certificate Authority from one 2008 R2 server to another. This was successful and we can continue to issue certificates and administer our PKI across our network (note that the CA name remained the same).

I have just now noticed though that our 802.11 policy wireless clients are unable to authenticate against our existing (and unmodified) NPS server and get on WiFi. The only error message the clients get is:

Log Name:      System
Source:        Schannel
Date:          24/10/2014 11:01:07
Event ID:      36887
Task Category: None
Level:         Error
Keywords:
User:          SYSTEM
Computer:      laptop.domain.local
Description:
A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 49.
Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" /><EventID>36887</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime="2014-10-24T10:01:07.320613000Z" /><EventRecordID>29980</EventRecordID><Correlation /><Execution ProcessID="584" ThreadID="624" /><Channel>System</Channel><Computer>laptop.domain.local</Computer><Security UserID="S-1-5-18" /></System><EventData><Data Name="AlertDesc">49</Data></EventData></Event>

Finding anything specific on fatal alert code 49, TLS1_ALERT_ACCESS_DENIED, is pretty impossible.  The only other instance of this problem I've found is here where the user resorted to removing the NPS role completely, issuing a new certificate on the NPS server and reinstalling and configuring NPS from scratch.  This would be a pain for us as we use NPS for other RADIUS device and RDG authentications so I'd like to avoid that route if possible.

I have tried issuing a new certificate and restarting the NPS service but that hasn't made any difference.

If anyone can shed any light on this and offer any help it'd be appreciated.

Many thanks in advance.

 




